WordPress Plugin Vulnerabilities

Altra Side Menu <= 2.0 - Abitrary Menu Deletion via CSRF

Description

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary menu via a CSRF attack

Proof of Concept

Affects Plugins

Plugin icon
altra-side-menu
No known fix

References

CVE
CVE-2024-12774

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Bob Matyas
Submitter
Bob Matyas
Submitter website
https://www.bobmatyas.com
Submitter twitter
bobmatyas
Verified
Yes
WPVDB ID
8decbef5-f106-488b-925c-42b3b280460a

Timeline

Publicly Published
2025-01-06 (about 11 months ago)
Added
2025-01-06 (about 11 months ago)
Last Updated
2025-01-06 (about 11 months ago)

Other

Published
Title
Published
2025-05-07
Title
theMarketer < 1.4.8 - Stored XSS via CSRF
Published
2023-08-11
Title
SB Child List <= 4.5 - Settings Update via CSRF
Published
2025-09-22
Title
Double the Donation < 3.0.0 - Cross-Site Request Forgery
Published
2025-12-11
Title
IMAQ Core <= 1.2.1 - Cross-Site Request Forgery to URL Structure Update
Published
2025-02-03
Title
GlobalQuran <= 1.0 - Cross-Site Request Forgery to Settings Update